If you share patient health data with a third-party vendor, you could be putting your practice at risk of a HIPAA fine!

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a HIPAA fine of $31,000 against the Illinois-based Center for Children’s Digestive Health (CCDH). The HIPAA fine was issued for a missing Business Associate Agreement (BAA) between CCDH and FileFax, its file storage vendor.

Social media use can pose serious issues to your practice’s HIPAA compliance if patient information is not properly protected.

Photos and stories from one’s workday are commonplace on Facebook and Twitter. In most industries, these posts are routine and harmless–no different than vacation photos or memories from years gone by.

Listen to our live podcast from The National Council of Behavioral Health’s annual conference, NatCon, with CEO Marc Haskelson and Behavioral Health Channel Director David Kay.

HIPAA policies and procedures are an essential part of implementing an effective compliance program in your behavioral health practice.

HIPAA Privacy and Security standards must be addressed by a series of policies and procedures that work throughout your entire practice, according to federal regulation. These policies and procedures form the basis of an effective compliance program–all activities involving the use, storage, and distribution of protected health information (PHI) are governed by these regulatory standards.

Understanding HIPAA security standards is an important element in becoming HIPAA compliant. HIPAA regulation mandates that covered entities, such as physicians, insurance companies, and health care clearinghouses, implement an effective compliance program that addresses the full spectrum of security standards to safeguard patient health data.

The March 1st HIPAA Breach Report Deadline is fast approaching. The HIPAA Breach Notification Rule requires health care providers to report breaches of unsecured protected health information (PHI) within 60 days from the end of the calendar year to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

Presence Health is one of Illinois’ major healthcare networks. Presence operates physicians’ offices and health care centers and offers home care, hospice care, and behavioral health services, as well.

Historically, medical specialists working in behavioral health services have been largely spared from large-scale HIPAA enforcement fines. But this fine suggests a growing trend in HIPAA enforcement–settlements are quickly moving away from traditional enforcement, into more niche health care sectors.

Last week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its first HIPAA settlement of 2017 with Presence Health for $475,000. This is the first fine in the history of HIPAA enforcement levied for a failure to notify over 800 patients of a breach of unsecured protected health information (PHI) in accordance with the standards of the HIPAA Breach Notification Rule. PHI includes any health data containing identifiable information like dates of birth, names, addresses, etc.

HIPAA, HITECH, Omnibus, PCI regulations – these are words that can strike fear into the heart of any Behavioral Health organization. They don’t need to, as we found after speaking with our guest today on Mental Health News Radio. We sat down with Marc Haskelson, the President and CEO of Compliancy Group, to find out how easy compliance can be.